{
  "type": "Domain",
  "indicator": "thecodechest.com",
  "general": {
    "sections": [
      "general",
      "geo",
      "url_list",
      "passive_dns",
      "malware",
      "whois",
      "http_scans"
    ],
    "whois": "http://whois.domaintools.com/thecodechest.com",
    "alexa": "http://www.alexa.com/siteinfo/thecodechest.com",
    "indicator": "thecodechest.com",
    "type": "domain",
    "type_title": "Domain",
    "validation": [],
    "base_indicator": {
      "id": 4247186380,
      "indicator": "thecodechest.com",
      "type": "domain",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 8,
      "pulses": [
        {
          "id": "6a1b88213571f42965ccfdf9",
          "name": "URLert Daily Threat Intel \u2014 2026-05-31",
          "description": "URLert Daily Threat Intel \u2014 2026-05-31\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 29 | Indicators: 59\nConfirmed: 7 | Likely: 22\nTop threats: Phishing (18), Dropper (3), Malware Hosting (3), Malvertising (3), Unknown (2)\nDomains: activated.win, apkmody.com, asst2game.ru, blockimmobilien.de, blogspot.com, carziqo.net, cine97.com, clientoffice.rest, coldcoupons.com, einzzcookie.org, fafda.to, festivephantasyofholiday...\n\n29 unique threats producing 59 actionable indicators. Generated by URLert automated threat intelligence.",
          "modified": "2026-05-31T01:00:17.582000",
          "created": "2026-05-31T01:00:17.582000",
          "tags": [
            "access-denied",
            "adult-content",
            "android-malware",
            "antivirus-bypass",
            "automated-download",
            "automated-scan",
            "blogspot",
            "brand-impersonation",
            "bypass-security",
            "citadele",
            "content-locking",
            "credential-harvesting",
            "credit-card-harvesting",
            "daily-threat-intel",
            "data-harvesting",
            "deceptive-activity",
            "deceptive-commerce",
            "deceptive-content",
            "deceptive-domain",
            "deceptive-site",
            "deceptive-subdomain",
            "deceptive-tactics",
            "evasive-site",
            "fake-browser-verification",
            "fake-business",
            "fake-login-form",
            "fake-product",
            "fake-promises",
            "fake-promotion",
            "fake-rewards",
            "fake-store",
            "fake-support-chat",
            "financial-fraud",
            "fraudulent-ad-revenue",
            "fraudulent-content",
            "freelancer-targeting",
            "giveaway-scam",
            "google-docs",
            "google-sites",
            "hidden-destination",
            "hotel-booking-scam",
            "instagram-impersonation",
            "investment-scam",
            "lead-generation",
            "link-shortener",
            "malicious-download",
            "malicious-network",
            "malicious-redirect",
            "malicious-redirection",
            "malware-delivery",
            "malware-distribution",
            "malware-hosting",
            "microsoft-outlook",
            "modded-apps",
            "new-domain",
            "newly-registered-domain",
            "nintendo-impersonation",
            "olx-impersonation",
            "payment-card-harvesting",
            "payment-fraud",
            "phishing",
            "phishing-infrastructure",
            "phone-number-harvesting",
            "pirated-software-lure",
            "redirects",
            "retail-scam",
            "roblox",
            "scam",
            "scam-distribution",
            "scam-domain",
            "scam-gateway",
            "scam-template",
            "security-disabling",
            "shopping-scam",
            "snapchat",
            "social-engineering",
            "software-piracy",
            "streaming-scam",
            "survey-scam",
            "suspicious-domain",
            "telegram-engagement",
            "tiktok-impersonation",
            "traffic-distribution-system",
            "traffic-redirection",
            "unauthorized-software",
            "unwanted-software",
            "urlert"
          ],
          "references": [
            "https://urlert.com/domain/activated.win",
            "https://urlert.com/domain/apkmody.com",
            "https://urlert.com/domain/asst2game.ru",
            "https://urlert.com/domain/blockimmobilien.de",
            "https://urlert.com/domain/blogspot.com",
            "https://urlert.com/domain/carziqo.net",
            "https://urlert.com/domain/cine97.com",
            "https://urlert.com/domain/clientoffice.rest",
            "https://urlert.com/domain/coldcoupons.com",
            "https://urlert.com/domain/einzzcookie.org",
            "https://urlert.com/domain/fafda.to",
            "https://urlert.com/domain/festivephantasyofholidayprizes.xyz",
            "https://urlert.com/domain/framer.app",
            "https://urlert.com/domain/google.com",
            "https://urlert.com/domain/jrffhfll.shop",
            "https://urlert.com/domain/kkinstagram.com",
            "https://urlert.com/domain/lamp222memory866.com",
            "https://urlert.com/domain/linkinsfw.xyz",
            "https://urlert.com/domain/lockr.to",
            "https://urlert.com/domain/qsend.info"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [
            "Financial Services",
            "Hospitality",
            "Media / Entertainment",
            "Retail / E-Commerce"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "urlert_intel",
            "id": "386175",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 12,
            "URL": 26,
            "domain": 14
          },
          "indicator_count": 52,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 29,
          "modified_text": "9 hours ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": false,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "69d84b940c380e7d4d3cf30c",
          "name": "URLert Daily Threat Intel \u2014 2026-04-10",
          "description": "URLert Daily Threat Intel \u2014 2026-04-10\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 100 | Indicators: 201\nConfirmed: 33 | Likely: 66 | Domain intel: 1\nTop threats: Phishing (89), Malware Hosting (4), Malvertising (3), Dropper (3), Unknown (1)\nDomains: 3fox.fun, 76whb36t.lat, activecampaign-team-support.com, altriagroupformerlyphilipmorakfriscompanies.cfd, amazonaws.com, ameli-gouv.com, apkresult.io, assureloans.ca, beauty-date-app.beaut...\n\n100 unique threats producing 201 actionable indicators. Generated by URLert automated threat intelligence.",
          "modified": "2026-05-09T21:51:12.227000",
          "created": "2026-04-10T01:00:04.155000",
          "tags": [
            "seur-impersonation",
            "abused-platform",
            "account-recovery-fraud",
            "account-recovery-scam",
            "account-takeover",
            "activecampaign",
            "adult-lure",
            "adult-scam",
            "advance-fee-scam",
            "advertising-scam",
            "affiliate-fraud",
            "anti-analysis",
            "asset-theft",
            "automated-scan",
            "booking-impersonation",
            "brand-impersonation",
            "browser-verification",
            "canada",
            "clickbait",
            "cloudflare-impersonation",
            "coinhako-impersonation",
            "combosquatting",
            "command-execution",
            "compromised-site",
            "constructconnect-impersonation",
            "credential-harvesting",
            "credit-card-harvesting",
            "crypto-casino",
            "crypto-drainer",
            "crypto-exchange",
            "crypto-scam",
            "cryptocurrency",
            "cryptocurrency-exchange",
            "cs2-tournament",
            "daft-ie",
            "daily-threat-intel",
            "dao",
            "data-harvesting",
            "dating-scam",
            "ddns",
            "deceptive-domain",
            "deceptive-notification",
            "deceptive-redirects",
            "deceptive-reward-scheme",
            "deceptive-scam",
            "deceptive-site",
            "deceptive-social-tool",
            "deceptive-tactics",
            "deceptive-url",
            "deceptive-widget",
            "delivery-exception-scam",
            "delivery-failure",
            "delivery-scam",
            "denmark",
            "depop",
            "discord-impersonation",
            "domain-classification",
            "dpd-impersonation",
            "dropshipping-scam",
            "e-commerce-scam",
            "email-phishing",
            "evasive-behavior",
            "executable-download",
            "fake-contest",
            "fake-dating-scam",
            "fake-delivery-notification",
            "fake-download",
            "fake-financial-institution",
            "fake-gifts",
            "fake-legal-document",
            "fake-login",
            "fake-offer",
            "fake-security-alert",
            "fake-security-check",
            "fake-store",
            "fake-survey",
            "fake-testimonials",
            "fake-voting-scam",
            "financial-fraud",
            "financial-scam",
            "fiverr-impersonation",
            "france",
            "fraudulent-platform",
            "free-hosting",
            "free-web-hosting",
            "gate-page",
            "generic-hosting",
            "georgia",
            "georgia-dds",
            "gibberish-domain",
            "gog-impersonation",
            "google-impersonation",
            "government-service",
            "grayware",
            "high-risk-extension",
            "high-risk-tld",
            "hospitality-scam",
            "identity-theft",
            "illegal-drugs",
            "illicit-marketplace",
            "imap-authentication-scam",
            "information-gathering",
            "investment-scam",
            "kaspersky",
            "loan-fee-scam",
            "loblaws",
            "logistics",
            "logistics-impersonation",
            "lookalike-domain",
            "malicious-links",
            "malicious-site",
            "malvertising",
            "malware-delivery",
            "malware-distribution",
            "malware-hosting",
            "mandarin-oriental",
            "meesho",
            "mexc-impersonation",
            "microsoft",
            "misspelled-domain",
            "modded-apk",
            "multi-stage-redirect",
            "nacex",
            "netlify-app",
            "new-domain",
            "newly-registered-domain",
            "obfuscated-javascript",
            "offer-scam",
            "olx",
            "olx-impersonation",
            "package-delivery-scam",
            "patreon-impersonation",
            "payload-delivery",
            "paywall-bypass",
            "personal-data-collection",
            "personal-data-harvesting",
            "personal-information-harvesting",
            "phishing",
            "phishing-landing-page",
            "phishing-page",
            "phishing-site",
            "pii-collection",
            "pii-harvesting",
            "pirated-software",
            "podcast-voting-impersonation",
            "ponzi-scheme",
            "pornographic-content-promotion",
            "prize-giveaway-scam",
            "profiling",
            "pyramid-scheme",
            "raiffeisen",
            "recent-domain",
            "recently-registered-domain",
            "recruitment-scheme",
            "redirect-chain",
            "retail-scam",
            "risky-tld",
            "roblox",
            "roblox-impersonation",
            "scam",
            "scam-landing-page",
            "scam-site",
            "sharepoint-impersonation",
            "shopify-redirect",
            "smartphone-scam",
            "social-engineering",
            "social-login-phishing",
            "spotify-impersonation",
            "steam",
            "steam-api-key",
            "stonex-impersonation",
            "suspicious-domain",
            "suspicious-redirects",
            "synology",
            "system-compromise",
            "tech-support-scam",
            "telegram",
            "trading-platform",
            "twitter-impersonation",
            "typosquatting",
            "unofficial-software",
            "unwanted-programs",
            "unwanted-software",
            "url-shortener",
            "urlert",
            "webex-impersonation",
            "young-domain",
            "youtube",
            "youtube-bots"
          ],
          "references": [
            "https://urlert.com/domain/3fox.fun",
            "https://urlert.com/domain/76whb36t.lat",
            "https://urlert.com/domain/activecampaign-team-support.com",
            "https://urlert.com/domain/altriagroupformerlyphilipmorakfriscompanies.cfd",
            "https://urlert.com/domain/amazonaws.com",
            "https://urlert.com/domain/ameli-gouv.com",
            "https://urlert.com/domain/apkresult.io",
            "https://urlert.com/domain/assureloans.ca",
            "https://urlert.com/domain/beauty-date-app.beauty",
            "https://urlert.com/domain/bookingil.com",
            "https://urlert.com/domain/callingsafe.com",
            "https://urlert.com/domain/campanie.promo",
            "https://urlert.com/domain/coinhako-m.com",
            "https://urlert.com/domain/confirmare.store",
            "https://urlert.com/domain/cordilleralaserena.cl",
            "https://urlert.com/domain/correos-argentino.org",
            "https://urlert.com/domain/cs2cup.com",
            "https://urlert.com/domain/ct.ws",
            "https://urlert.com/domain/cudasvc.com",
            "https://urlert.com/domain/dadaoas.com"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [
            "Financial Services",
            "Government",
            "Hospitality",
            "Legal Services",
            "Logistics / Supply Chain",
            "Media / Entertainment",
            "Real Estate",
            "Retail / E-Commerce",
            "Technology"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "urlert_intel",
            "id": "386175",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 62,
            "URL": 64,
            "hostname": 28
          },
          "indicator_count": 154,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 30,
          "modified_text": "21 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": false,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "69c9cb1498594a7e95de404a",
          "name": "URLert Daily Threat Intel \u2014 2026-03-30",
          "description": "URLert Daily Threat Intel \u2014 2026-03-30\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 54 | Indicators: 92\nConfirmed: 20 | Likely: 33 | Domain intel: 1\nTop threats: Phishing (44), Malware Hosting (5), Dropper (4), Malvertising (1)\nDomains: apexnova.info, avatradexs.vip, bdggutyn.shop, borderclick.com, canadamilksettlement.com, ccgcg.com, chat-whatsapp.es, cscups.com, ey43.com, filez.site, flashgain9ja.money, fse.cc, getmysoc...\n\n54 unique threats producing 92 actionable indicators. Generated by URLert automated threat intelligence.",
          "modified": "2026-04-29T00:07:52.134000",
          "created": "2026-03-30T01:00:04.690000",
          "tags": [
            "account-recovery-scam",
            "account-takeover",
            "adult-content-lure",
            "aged-domain",
            "asset-theft",
            "austria",
            "automated-scan",
            "botnet-distribution",
            "brand-impersonation",
            "coin-miner",
            "combosquatting",
            "content-locking",
            "credential-harvesting",
            "crypto-scam",
            "cryptocurrency-scam",
            "daily-threat-intel",
            "dating-service-scam",
            "deceptive-content",
            "deceptive-domain",
            "deceptive-landing-page",
            "deceptive-reward-scheme",
            "deceptive-social-media",
            "deceptive-statistics",
            "deceptive-website",
            "discord-impersonation",
            "disposable-domain",
            "domain-classification",
            "domain-redirection",
            "domain-rotation",
            "fake-job-offer",
            "fake-login",
            "fake-login-page",
            "fake-rebate-program",
            "fake-security-check",
            "fake-video-player",
            "fathalla-market",
            "file-hosting",
            "file-sharing-impersonation",
            "financial-fraud",
            "financial-scam",
            "financial-services-impersonation",
            "financial-theft",
            "flashgain-9ja",
            "fraud",
            "fraudulent-financial-activity",
            "fraudulent-financial-services",
            "fraudulent-platform",
            "fund-theft",
            "game-currency-scam",
            "game-roms",
            "gaming-platform",
            "gibberish-domain",
            "government-impersonation",
            "high-risk-domain",
            "high-risk-fraud",
            "hospitality-sector",
            "identity-harvesting",
            "investment-scam",
            "lack-of-transparency",
            "link-shortener",
            "luxury-brands",
            "malicious-link-distribution",
            "malicious-redirect",
            "malicious-redirection",
            "malvertising",
            "malware-delivery",
            "malware-distribution",
            "malware-embedding",
            "meta-impersonation",
            "modified-installers",
            "nebula-x",
            "new-domain",
            "newly-registered-domain",
            "obfuscated-code",
            "offer-scam",
            "online-earning-scam",
            "personal-information-theft",
            "phishing",
            "phishing-scam",
            "pig-butchering",
            "porn-lure",
            "pornographic-lure",
            "privacy-risk",
            "pup-distribution",
            "recruitment-fraud",
            "recruitment-scam",
            "redirect-chain",
            "redirect-cloaking",
            "redirection",
            "registration-scam",
            "replit-app",
            "retail-e-commerce",
            "roblox",
            "roblox-impersonation",
            "scam",
            "scam-pages",
            "scammer-infrastructure",
            "scanner-evasion",
            "scareware",
            "search-engine-blocking",
            "security-alert-impersonation",
            "security-risk",
            "social-engineering",
            "software-installation-scam",
            "software-piracy",
            "spam-promoted",
            "steam-impersonation",
            "suspicious-domain",
            "telecommunications",
            "telegram-integration",
            "twitter",
            "typosquatting",
            "unregulated-financial-service",
            "unregulated-platform",
            "unwanted-software",
            "urlert",
            "usdt",
            "usdt-scam",
            "usdt-targeting",
            "verification-scam",
            "vpn-impersonation",
            "vpn-scam",
            "whatsapp-impersonation",
            "withdrawal-scam",
            "youtube-bots"
          ],
          "references": [
            "https://urlert.com/domain/apexnova.info",
            "https://urlert.com/domain/avatradexs.vip",
            "https://urlert.com/domain/bdggutyn.shop",
            "https://urlert.com/domain/borderclick.com",
            "https://urlert.com/domain/canadamilksettlement.com",
            "https://urlert.com/domain/ccgcg.com",
            "https://urlert.com/domain/chat-whatsapp.es",
            "https://urlert.com/domain/cscups.com",
            "https://urlert.com/domain/ey43.com",
            "https://urlert.com/domain/filez.site",
            "https://urlert.com/domain/flashgain9ja.money",
            "https://urlert.com/domain/fse.cc",
            "https://urlert.com/domain/getmysocial.com",
            "https://urlert.com/domain/hdgrk.com",
            "https://urlert.com/domain/hyi.cc",
            "https://urlert.com/domain/itefullofeedshen.com",
            "https://urlert.com/domain/itnet247.nl",
            "https://urlert.com/domain/kec.az",
            "https://urlert.com/domain/kryosysapp.vip",
            "https://urlert.com/domain/ligcoin.com"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [
            "Financial Services",
            "Government",
            "Hospitality",
            "Media / Entertainment",
            "Retail / E-Commerce",
            "Telecommunications"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "urlert_intel",
            "id": "386175",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 27,
            "URL": 31,
            "hostname": 9
          },
          "indicator_count": 67,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 30,
          "modified_text": "32 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": false,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "69c48531dddd82e47d331f47",
          "name": "URLert Daily Threat Intel \u2014 2026-03-26",
          "description": "URLert Daily Threat Intel \u2014 2026-03-26\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 77 | Indicators: 130\nConfirmed: 26 | Likely: 49 | Domain intel: 1 | Manual: 1\nTop threats: Phishing (69), Malware Hosting (6), Dropper (1)\nDomains: 264891.xin, 861289.xin, acccat.com, adescargar.net, b-cdn.net, blockrelic.net, clck.ru, dallalla7.pro, dlpsgame.com, double-authorization-pulse.com, dpdlocals.uno, edgeone.app, ephapay.net...\n\n77 unique threats producing 130 actionable indicators. Generated by URLert automated threat intelligence.",
          "modified": "2026-04-24T22:30:01.629000",
          "created": "2026-03-26T01:00:33.299000",
          "tags": [
            "seur-impersonation",
            "account-compromise",
            "account-hijacking",
            "adult-scam",
            "adware",
            "aggressive-ads",
            "aggressive-tactics",
            "amazon-impersonation",
            "amazon-phishing",
            "android-malware",
            "anonymous-hosting",
            "apk-distribution",
            "apk-repository",
            "asset-theft",
            "austria",
            "automated-scan",
            "barclaycard-impersonation",
            "booking-com-impersonation",
            "brand-impersonation",
            "brazil",
            "cdn-hosted",
            "chatgpt-plus",
            "chatwork",
            "cloaking",
            "combosquatting",
            "content-locker",
            "cpanel-impersonation",
            "credential-harvesting",
            "credit-card-theft",
            "crypto-investment-scam",
            "cryptocurrency-phishing",
            "cryptocurrency-scam",
            "cryptocurrency-theft",
            "daily-threat-intel",
            "data-collection",
            "data-harvesting",
            "dating-scam",
            "deceptive-baiting",
            "deceptive-content",
            "deceptive-domain",
            "deceptive-practices",
            "deceptive-reward-scheme",
            "deceptive-reward-site",
            "deceptive-rewards",
            "deceptive-site",
            "deceptive-tactics",
            "deceptive-trading-platform",
            "delivery-scam",
            "direct-download",
            "domain-classification",
            "domain-redirect",
            "domain-rotation",
            "dpd-impersonation",
            "ecommerce-fraud",
            "education-ministry",
            "evasion-technique",
            "fake-bonus",
            "fake-domain",
            "fake-job-offer",
            "fake-login",
            "fake-login-page",
            "fake-recovery-service",
            "fake-store-closure",
            "fake-subscription",
            "fake-tracking-page",
            "fake-voting-scam",
            "fedex",
            "figma-abuse",
            "file-download",
            "financial-data-theft",
            "financial-information-theft",
            "financial-scam",
            "financial-services",
            "forex-scam",
            "fortnite",
            "fraud",
            "fraudulent-investment-platform",
            "fraudulent-investment-scheme",
            "free-hosting",
            "gambling-scam",
            "gaming-cheats",
            "gato-preto",
            "google-impersonation",
            "government-impersonation",
            "government-services",
            "high-risk-tld",
            "hungary",
            "information-collection",
            "information-harvesting",
            "information-stealing",
            "intelcom",
            "intelcom-impersonation",
            "investment-scam",
            "invitation-code-scam",
            "job-seeker-targeting",
            "lbank-impersonation",
            "logistics",
            "logistics-sector",
            "lookalike-domain",
            "malicious-domain",
            "malicious-redirect",
            "malicious-redirects",
            "malicious-site",
            "malvertising",
            "malware",
            "malware-delivery",
            "malware-distribution",
            "malware-dropper",
            "malware-hosting",
            "manual-entry",
            "microsoft-impersonation",
            "minecraft",
            "modified-apk",
            "moneygram-impersonation",
            "nebula-x",
            "new-domain",
            "newly-registered-domain",
            "offer-scam",
            "onlyfans",
            "openai",
            "openai-impersonation",
            "paradise-lxli-t33n-leak",
            "parking-citation-scam",
            "personal-data-theft",
            "personal-information-collection",
            "personal-information-harvesting",
            "philips",
            "phishing",
            "phishing-page",
            "phishing-site",
            "pirated-software",
            "platform-abuse",
            "pokemon-go",
            "ponzi-scheme",
            "privacy-risk",
            "recruitment-scam",
            "redirection",
            "redirector",
            "redirects",
            "reward-scam",
            "roblox",
            "roblox-impersonation",
            "scam",
            "scam-domain",
            "security-risk",
            "shopee",
            "social-aid-impersonation",
            "social-engineering",
            "spam",
            "spam-promoted",
            "steam-impersonation",
            "subdomain-abuse",
            "suspicious-domain",
            "suspicious-redirects",
            "typosquatting",
            "unrealistic-discounts",
            "unregulated-gambling",
            "unsecured-hosting",
            "unverified-app-distribution",
            "unverified-executables",
            "unverified-software",
            "unwanted-software",
            "url-shortener",
            "urlert",
            "usdt",
            "virtual-item-scam",
            "webmail-impersonation",
            "webmail-phishing"
          ],
          "references": [
            "https://urlert.com/domain/264891.xin",
            "https://urlert.com/domain/861289.xin",
            "https://urlert.com/domain/acccat.com",
            "https://urlert.com/domain/adescargar.net",
            "https://urlert.com/domain/b-cdn.net",
            "https://urlert.com/domain/blockrelic.net",
            "https://urlert.com/domain/clck.ru",
            "https://urlert.com/domain/dallalla7.pro",
            "https://urlert.com/domain/dlpsgame.com",
            "https://urlert.com/domain/double-authorization-pulse.com",
            "https://urlert.com/domain/dpdlocals.uno",
            "https://urlert.com/domain/edgeone.app",
            "https://urlert.com/domain/ephapay.net",
            "https://urlert.com/domain/ey43.com",
            "https://urlert.com/domain/fbmrandevutakip.com",
            "https://urlert.com/domain/fedexredeliveryform.com",
            "https://urlert.com/domain/figma.com",
            "https://urlert.com/domain/fortflex.live",
            "https://urlert.com/domain/fse.cc",
            "https://urlert.com/domain/gatopretoofficialstore.com"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [
            "Education",
            "Financial Services",
            "Government",
            "Hospitality",
            "Logistics / Supply Chain",
            "Media / Entertainment",
            "Retail / E-Commerce",
            "Technology"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "urlert_intel",
            "id": "386175",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 40,
            "URL": 43,
            "hostname": 12
          },
          "indicator_count": 95,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 35,
          "modified_text": "36 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": false,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "69bf3f1474cf79067c4581eb",
          "name": "URLert Daily Threat Intel \u2014 2026-03-22",
          "description": "URLert Daily Threat Intel \u2014 2026-03-22\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 48 | Indicators: 83\nConfirmed: 23 | Likely: 22 | Domain intel: 3\nTop threats: Phishing (35), Malware Hosting (5), Dropper (4), Malvertising (2), Unknown (2)\nDomains: annalect.store, bllokim.com, crashradar.info, cyrusfinance.xyz, effectivegatecpm.com, filecr.com, fitgirl-repacks.site, fu2dc.com, ghfv.xyz, govazco.help, hyi.cc, imdb-improve.com, kec.az,...\n\n48 unique threats producing 83 actionable indicators. Generated by URLert automated threat intelligence.",
          "modified": "2026-04-20T22:34:11.231000",
          "created": "2026-03-22T01:00:04.725000",
          "tags": [
            "adult-content-lure",
            "advance-fee-scam",
            "aged-domain",
            "asset-harvesting",
            "asset-theft",
            "automated-distribution",
            "automated-scan",
            "booking-com",
            "booking-com-impersonation",
            "brand-impersonation",
            "browser-extension-malware",
            "bulletproof-hosting",
            "combosquatting",
            "content-locking",
            "counterfeit-goods",
            "cracked-software",
            "credential-harvesting",
            "cryptocurrency-scam",
            "daily-threat-intel",
            "data-collection",
            "data-harvesting",
            "deceptive-content-locking",
            "deceptive-distribution",
            "deceptive-domain",
            "deceptive-incentives",
            "deceptive-practices",
            "deceptive-reward-site",
            "deceptive-site",
            "deceptive-tactics",
            "domain-classification",
            "domain-rotation",
            "e-commerce-scam",
            "evasive-tactics",
            "fake-alerts",
            "fake-company",
            "fake-fees",
            "fake-interface",
            "fake-toll",
            "fake-verification",
            "file-locker-scam",
            "financial-fraud",
            "financial-scam",
            "financial-theft",
            "fraud",
            "fraudulent-business-practices",
            "gambling-scam",
            "gaming-piracy",
            "giveaway-scam",
            "government-services",
            "high-risk",
            "high-risk-hosting",
            "hospitality-sector",
            "info-stealer",
            "insecure-site",
            "lookalike-domain",
            "malicious-infrastructure",
            "malicious-redirect",
            "malicious-redirects",
            "malvertising",
            "malware-bundling",
            "malware-delivery",
            "malware-distribution",
            "malware-download",
            "malware-hosting",
            "nebula-x",
            "new-domain",
            "newly-registered-domain",
            "non-delivery",
            "offer-scam",
            "onlyfans",
            "penndot-impersonation",
            "personal-information-harvesting",
            "phishing",
            "phishing-page",
            "phishing-site",
            "pig-butchering",
            "pirated-software",
            "ponzi-scheme",
            "power-mac-center",
            "powermac-center",
            "ralph-lauren",
            "rat",
            "redirect-chain",
            "redirect-cloaking",
            "redirector",
            "retail-e-commerce",
            "roblox",
            "roblox-impersonation",
            "romance-scam",
            "scam",
            "scareware",
            "scdmv",
            "social-engineering",
            "spam-promotion",
            "spyware",
            "suspicious-domain",
            "suspicious-redirection",
            "suspicious-redirects",
            "suspicious-service",
            "suspicious-site",
            "suspicious-vpn",
            "task-scam",
            "telegram-impersonation",
            "tiktok-impersonation",
            "traffic-redirection",
            "trojan",
            "twitter-impersonation",
            "typosquatting",
            "unwanted-offers",
            "unwanted-software-download",
            "url-redirection",
            "url-shortener",
            "urlert",
            "usdt",
            "usdt-targeting",
            "usdt-wallet",
            "viruses",
            "wallapop",
            "wallet-drainer",
            "watch-to-earn-scam",
            "youtube-distribution"
          ],
          "references": [
            "https://urlert.com/domain/annalect.store",
            "https://urlert.com/domain/bllokim.com",
            "https://urlert.com/domain/crashradar.info",
            "https://urlert.com/domain/cyrusfinance.xyz",
            "https://urlert.com/domain/effectivegatecpm.com",
            "https://urlert.com/domain/filecr.com",
            "https://urlert.com/domain/fitgirl-repacks.site",
            "https://urlert.com/domain/fu2dc.com",
            "https://urlert.com/domain/ghfv.xyz",
            "https://urlert.com/domain/govazco.help",
            "https://urlert.com/domain/hyi.cc",
            "https://urlert.com/domain/imdb-improve.com",
            "https://urlert.com/domain/kec.az",
            "https://urlert.com/domain/littlewish.in",
            "https://urlert.com/domain/lostmedia.me",
            "https://urlert.com/domain/lxk.cc",
            "https://urlert.com/domain/onlyfans.wtf",
            "https://urlert.com/domain/poplarcu.com",
            "https://urlert.com/domain/powermaccenter.vip",
            "https://urlert.com/domain/purchases340.com"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [
            "Financial Services",
            "Government",
            "Hospitality",
            "Media / Entertainment",
            "Retail / E-Commerce",
            "Technology"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 1,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "urlert_intel",
            "id": "386175",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 26,
            "hostname": 8,
            "URL": 29
          },
          "indicator_count": 63,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 32,
          "modified_text": "40 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": false,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "69b9f9154f6b7f0bb31b8d3b",
          "name": "URLert Daily Threat Intel \u2014 2026-03-18",
          "description": "URLert Daily Threat Intel \u2014 2026-03-18\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 57 | Indicators: 87\nConfirmed: 13 | Likely: 32 | Domain intel: 11 | Manual: 1\nTop threats: Phishing (45), Unknown (5), Dropper (2), Malware Hosting (1), Web Attack (1)\nDomains: 875557.com, aadeaccess.cc, appinjects.com, attemportantly.my.id, autoaade.top, b-cdn.net, barcelonadesigntours.com, brsss.cc, casajoys.com, cert-sha256.co.uk, colettelior.com, crashradar.i...\n\n57 unique threats producing 87 actionable indicators. Generated by URLert automated threat intelligence.",
          "modified": "2026-04-17T00:57:33.567000",
          "created": "2026-03-18T01:00:05.287000",
          "tags": [
            "aade-impersonation",
            "adult-content-impersonation",
            "adult-content-scam",
            "affiliate-fraud",
            "airdrop-scam",
            "anonymous-hosting",
            "automated-scan",
            "bait-and-switch",
            "brand-impersonation",
            "browser-manipulation",
            "burn-and-churn",
            "camera-access-harvesting",
            "cloaking",
            "collectible-toys",
            "combosquatting",
            "command-execution",
            "compromised-infrastructure",
            "content-locker",
            "content-locking",
            "content-theft",
            "credential-harvesting",
            "credit-card-harvesting",
            "cryptocurrency-scam",
            "cryptocurrency-theft",
            "daily-threat-intel",
            "data-harvesting",
            "data-theft",
            "ddns",
            "deceptive-content",
            "deceptive-content-locking",
            "deceptive-domain",
            "deceptive-marketing",
            "deceptive-platform",
            "deceptive-pop-up",
            "deceptive-practices",
            "deceptive-rewards",
            "deceptive-site",
            "deceptive-software-distribution",
            "deceptive-subdomain",
            "deceptive-tracking",
            "domain-classification",
            "dot-info-tld",
            "ecommerce-scam",
            "evasion",
            "fake-discount",
            "fake-mining-platform",
            "fake-payment-scam",
            "fake-recaptcha",
            "fake-security-alert",
            "fake-software",
            "fake-verification",
            "financial-data-harvesting",
            "financial-deception",
            "financial-fraud",
            "financial-scam",
            "financial-sector",
            "financial-theft",
            "fraud",
            "fraudulent-content",
            "fraudulent-ecommerce",
            "fund-theft",
            "gambling",
            "gaming",
            "google-impersonation",
            "government-targeting",
            "grayware",
            "greece",
            "high-risk",
            "high-risk-gambling",
            "high-risk-tld",
            "illegal-pharmaceuticals",
            "investment-fraud",
            "investment-scam",
            "invite-code-scam",
            "ip-logger",
            "malicious-cloaking",
            "malicious-redirection",
            "malicious-scripts",
            "malicious-url",
            "malvertising",
            "malware-distribution",
            "malware-installation",
            "manual-entry",
            "microsoft-defender",
            "microsoft-impersonation",
            "mobile-malware",
            "mobile-number-harvesting",
            "myinvestor",
            "netlify",
            "netlify-hosting",
            "new-domain",
            "newly-registered-domain",
            "nigeria",
            "non-delivery-scam",
            "online-gaming",
            "payment-scam",
            "performance-enhancing-drugs",
            "personal-information-collection",
            "personal-information-theft",
            "phishing",
            "phishing-site",
            "ponzi-scheme",
            "privacy-risk",
            "privacy-violation",
            "redirect-chain",
            "redirection",
            "retail-e-commerce",
            "retail-fraud",
            "reward-scam",
            "roblox",
            "roblox-impersonation",
            "scam",
            "scam-domain",
            "scam-shop",
            "scam-store",
            "scam-websites",
            "scareware",
            "security-warning",
            "shein-impersonation",
            "social-engineering",
            "social-media-scam",
            "spam-promotion",
            "steam-impersonation",
            "subscription-scam",
            "suspicious-activity",
            "suspicious-design",
            "suspicious-domain",
            "suspicious-financial-practices",
            "suspicious-redirect",
            "suspicious-subdomain",
            "targeted-phishing",
            "task-fraud",
            "task-scam",
            "tax-authority-impersonation",
            "tech-support-scam",
            "throwaway-domain",
            "tm-shop",
            "tracking",
            "typosquatting",
            "unauthorized-access",
            "unauthorized-monitoring",
            "unauthorized-sales",
            "unwanted-software",
            "url-shortener",
            "urlert",
            "usdt",
            "variakoo",
            "wallet-drainer",
            "wallet-harvesting",
            "webcam-hijacking",
            "worten-impersonation",
            "xvideos-impersonation",
            "young-domain",
            "youtube-bots"
          ],
          "references": [
            "https://urlert.com/domain/875557.com",
            "https://urlert.com/domain/aadeaccess.cc",
            "https://urlert.com/domain/appinjects.com",
            "https://urlert.com/domain/attemportantly.my.id",
            "https://urlert.com/domain/autoaade.top",
            "https://urlert.com/domain/b-cdn.net",
            "https://urlert.com/domain/barcelonadesigntours.com",
            "https://urlert.com/domain/brsss.cc",
            "https://urlert.com/domain/casajoys.com",
            "https://urlert.com/domain/cert-sha256.co.uk",
            "https://urlert.com/domain/colettelior.com",
            "https://urlert.com/domain/crashradar.info",
            "https://urlert.com/domain/duckdns.org",
            "https://urlert.com/domain/eph.cc",
            "https://urlert.com/domain/gamedrive.org",
            "https://urlert.com/domain/hitomi.la",
            "https://urlert.com/domain/houejeam.com",
            "https://urlert.com/domain/lambdamexai.com",
            "https://urlert.com/domain/lfi9d.vip",
            "https://urlert.com/domain/ln.run"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [
            "Financial Services",
            "Government",
            "Media / Entertainment",
            "Retail / E-Commerce",
            "Technology"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "urlert_intel",
            "id": "386175",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 29,
            "URL": 20,
            "hostname": 8
          },
          "indicator_count": 57,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 32,
          "modified_text": "44 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": false,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "69b0bea19b71675fe89c6b13",
          "name": "URLert Daily Threat Intel \u2014 2026-03-11",
          "description": "URLert Daily Threat Intel \u2014 2026-03-11\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 44 | Indicators: 79\nConfirmed: 15 | Likely: 23 | Domain intel: 6\nTop threats: Phishing (41), Unknown (2), Dropper (1)\nDomains: acemlna.com, amazonaws.com, cloudspire-works.com, complaterra.com, costcostudent.com, crashradar.info, effectivegatecpm.com, forms.gle, fortgame.live, fyo.cc, goo.su, hgecirrep.com, httpsm...\n\n44 unique threats producing 79 actionable indicators. Generated by URLert automated threat intelligence.",
          "modified": "2026-04-10T01:01:25.474000",
          "created": "2026-03-11T01:00:17.892000",
          "tags": [
            "abused-platform",
            "account-takeover",
            "adobe-impersonation",
            "advance-fee-fraud",
            "apple-impersonation",
            "arizona-dot",
            "asset-theft",
            "automated-scan",
            "aws-s3",
            "booking-com",
            "brand-impersonation",
            "brand-in-subdomain",
            "captcha-challenge",
            "chrome-malware",
            "cloudflare",
            "combosquatting",
            "compromised-site",
            "credential-harvesting",
            "cryptocurrency-fraud",
            "cryptocurrency-scam",
            "daily-threat-intel",
            "data-harvesting",
            "deceptive-business-practices",
            "deceptive-domain",
            "deceptive-download",
            "deceptive-link",
            "deceptive-setup",
            "deceptive-site",
            "deceptive-verification",
            "delivery-scam",
            "developer-platform",
            "disposable-infrastructure",
            "document-viewer-impersonation",
            "domain-classification",
            "email-marketing-impersonation",
            "evasive-tactics",
            "fake-rewards",
            "fake-security-claims",
            "fake-toll-charge",
            "fake-toll-invoice",
            "financial-fraud",
            "financial-scam",
            "financial-theft",
            "fiverr-impersonation",
            "fraudulent-entity",
            "gambling-analytics",
            "gaming",
            "gift-card-scam",
            "google-impersonation",
            "government-impersonation",
            "high-risk-gambling",
            "high-risk-tld",
            "interia-portal",
            "invoice-lure",
            "israel-post",
            "job-scam",
            "large-scale-operation",
            "loan-scam",
            "login-form",
            "logistics",
            "malicious-domain",
            "malicious-infrastructure",
            "malicious-registry",
            "malware-distribution",
            "microsoft-impersonation",
            "money-mule-scam",
            "nebula-x",
            "netlify-app",
            "new-domain",
            "newly-registered-domain",
            "offer-scam",
            "olx-impersonation",
            "package-delivery-scam",
            "payment-card-harvesting",
            "payment-fraud",
            "payment-scam",
            "phishing",
            "phishing-kit",
            "phishing-site",
            "phishing-technique",
            "phone-number-harvesting",
            "playstation-network",
            "redirect-cloaking",
            "redirector",
            "remote-access-scam",
            "roblox",
            "scam",
            "scam-domain",
            "scam-potential",
            "session-hijacking",
            "seur",
            "social-engineering",
            "spam-campaign",
            "suspicious-domain",
            "t-mobile",
            "talent-community-com",
            "tech-support-scam",
            "telegram-impersonation",
            "tesla-impersonation",
            "texas-dmv",
            "threat-infrastructure",
            "tld-squatting",
            "toll-scam",
            "traffic-redirection",
            "twitter-impersonation",
            "typosquatting",
            "unwanted-software",
            "ups",
            "url-shortener",
            "urlert",
            "usdt",
            "usdt-scam",
            "vercel-hosting",
            "wallet-scam",
            "xvideos-impersonation"
          ],
          "references": [
            "https://urlert.com/domain/acemlna.com",
            "https://urlert.com/domain/amazonaws.com",
            "https://urlert.com/domain/cloudspire-works.com",
            "https://urlert.com/domain/complaterra.com",
            "https://urlert.com/domain/costcostudent.com",
            "https://urlert.com/domain/crashradar.info",
            "https://urlert.com/domain/effectivegatecpm.com",
            "https://urlert.com/domain/forms.gle",
            "https://urlert.com/domain/fortgame.live",
            "https://urlert.com/domain/fyo.cc",
            "https://urlert.com/domain/goo.su",
            "https://urlert.com/domain/hgecirrep.com",
            "https://urlert.com/domain/httpsmicrosolftwrk.com",
            "https://urlert.com/domain/in2p3.fr",
            "https://urlert.com/domain/it.com",
            "https://urlert.com/domain/jaef.xin",
            "https://urlert.com/domain/ln.run",
            "https://urlert.com/domain/mobile-zmj.xin",
            "https://urlert.com/domain/netlify.app",
            "https://urlert.com/domain/ojt.cc"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [
            "Automotive",
            "Energy",
            "Financial Services",
            "Government",
            "Hospitality",
            "Logistics / Supply Chain",
            "Media / Entertainment",
            "Retail / E-Commerce",
            "Technology",
            "Telecommunications"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 1,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "urlert_intel",
            "id": "386175",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 22,
            "hostname": 10,
            "URL": 16
          },
          "indicator_count": 48,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 29,
          "modified_text": "51 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": false,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "69acca3692ba71ce9792362f",
          "name": "URLert Daily Threat Intel \u2014 2026-03-08",
          "description": "URLert Daily Threat Intel \u2014 2026-03-08\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 43 | Indicators: 83\nConfirmed: 5 | Likely: 35 | Domain intel: 3\nTop threats: Phishing (36), Malware Hosting (3), Malvertising (2), Dropper (1), Unknown (1)\nDomains: beb6.com, bitly.cx, cat-mxn.com, clipsexsub3x.net, cutt.ly, datess.one, donutstake.com, ebay.com, eph.cc, fesfo.cn, firstlook.gg, gepiu.cn, google.com, hrblocks.download, it.com, kittyescr...\n\n43 unique threats producing 83 actionable indicators. Generated by URLert automated threat intelligence.",
          "modified": "2026-04-06T22:05:40.567000",
          "created": "2026-03-08T01:00:35.927000",
          "tags": [
            "account-management-impersonation",
            "adult-content",
            "ai-content",
            "amazon-impersonation",
            "atacadao",
            "automated-scan",
            "beb6",
            "booking-com",
            "booking-com-impersonation",
            "brand-impersonation",
            "cacau-show",
            "cacau-show-impersonation",
            "caterpillar-impersonation",
            "combosquatting",
            "compromised-site",
            "credential-harvesting",
            "cryptocurrency-scam",
            "daily-threat-intel",
            "data-harvesting",
            "deceptive-buttons",
            "deceptive-claims",
            "deceptive-pop-up",
            "deceptive-redirects",
            "deceptive-rewards",
            "deceptive-sign-up",
            "deceptive-site",
            "deceptive-url",
            "discord-scam",
            "disposable-infrastructure",
            "domain-age-misrepresentation",
            "domain-classification",
            "ebay",
            "evasive-tactics",
            "facesmsmart-com",
            "fake-banking-service",
            "fake-form",
            "fake-login-portal",
            "fake-promotion",
            "fake-reward",
            "financial-sector",
            "financial-services",
            "financial-services-targeting",
            "free-game-lure",
            "game-exploitation",
            "game-exploitation-tool",
            "game-hacks",
            "gift-card-scam",
            "giveaway-scam",
            "google-docs-abuse",
            "government-impersonation",
            "hello-kitty",
            "high-risk",
            "high-risk-tld",
            "impersonation",
            "information-stealer",
            "information-theft",
            "instagram-impersonation",
            "inventory-stealer",
            "investment-scam",
            "key-less-executor",
            "malicious-redirects",
            "malicious-registry",
            "malvertising",
            "malware-delivery",
            "malware-distribution",
            "malware-reports",
            "minecraft",
            "mobile-interface",
            "netflix-impersonation",
            "new-domain",
            "newly-registered-domain",
            "nigeria",
            "phishing",
            "phishing-infrastructure",
            "phishing-site",
            "phishing-technique",
            "playstation-impersonation",
            "potential-fraud",
            "potentially-harmful-software",
            "poundstretcher-impersonation",
            "prize-scam",
            "questionnaire-scam",
            "retail-e-commerce",
            "retail-ecommerce",
            "roblox",
            "scam",
            "scam-pages",
            "scareware",
            "sfi-mall",
            "social-engineering",
            "software-download",
            "spam-distribution",
            "subnautica-impersonation",
            "survey-scam",
            "suspicious-platform",
            "suspicious-redirection",
            "suspicious-tld",
            "telegram-bot",
            "telegram-impersonation",
            "tienda-mass",
            "trojan-horse",
            "typosquatting",
            "unregulated-gambling",
            "unwanted-software",
            "unwanted-software-download",
            "url-shortener",
            "urlert",
            "usdt-scam",
            "user-deception",
            "virus-warning",
            "vpn-lure",
            "wi-fi-password-scam"
          ],
          "references": [
            "https://urlert.com/domain/beb6.com",
            "https://urlert.com/domain/bitly.cx",
            "https://urlert.com/domain/cat-mxn.com",
            "https://urlert.com/domain/clipsexsub3x.net",
            "https://urlert.com/domain/cutt.ly",
            "https://urlert.com/domain/datess.one",
            "https://urlert.com/domain/donutstake.com",
            "https://urlert.com/domain/ebay.com",
            "https://urlert.com/domain/eph.cc",
            "https://urlert.com/domain/fesfo.cn",
            "https://urlert.com/domain/firstlook.gg",
            "https://urlert.com/domain/gepiu.cn",
            "https://urlert.com/domain/google.com",
            "https://urlert.com/domain/hrblocks.download",
            "https://urlert.com/domain/it.com",
            "https://urlert.com/domain/kittyescraft.com",
            "https://urlert.com/domain/kkinstagram.com",
            "https://urlert.com/domain/ko2bot.com",
            "https://urlert.com/domain/ngcpx.vip",
            "https://urlert.com/domain/nkfinanse.com"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [
            "Financial Services",
            "Government",
            "Hospitality",
            "Manufacturing",
            "Media / Entertainment",
            "Retail / E-Commerce"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "urlert_intel",
            "id": "386175",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 31,
            "hostname": 8,
            "URL": 29
          },
          "indicator_count": 68,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 29,
          "modified_text": "54 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": false,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        }
      ],
      "references": [
        "https://urlert.com/domain/3fox.fun",
        "https://urlert.com/domain/activecampaign-team-support.com",
        "https://urlert.com/domain/lamp222memory866.com",
        "https://urlert.com/domain/lockr.to",
        "https://urlert.com/domain/aadeaccess.cc",
        "https://urlert.com/domain/powermaccenter.vip",
        "https://urlert.com/domain/itnet247.nl",
        "https://urlert.com/domain/govazco.help",
        "https://urlert.com/domain/fafda.to",
        "https://urlert.com/domain/assureloans.ca",
        "https://urlert.com/domain/flashgain9ja.money",
        "https://urlert.com/domain/cine97.com",
        "https://urlert.com/domain/colettelior.com",
        "https://urlert.com/domain/cscups.com",
        "https://urlert.com/domain/firstlook.gg",
        "https://urlert.com/domain/it.com",
        "https://urlert.com/domain/activated.win",
        "https://urlert.com/domain/ccgcg.com",
        "https://urlert.com/domain/adescargar.net",
        "https://urlert.com/domain/correos-argentino.org",
        "https://urlert.com/domain/dpdlocals.uno",
        "https://urlert.com/domain/kryosysapp.vip",
        "https://urlert.com/domain/ligcoin.com",
        "https://urlert.com/domain/fu2dc.com",
        "https://urlert.com/domain/littlewish.in",
        "https://urlert.com/domain/callingsafe.com",
        "https://urlert.com/domain/annalect.store",
        "https://urlert.com/domain/dallalla7.pro",
        "https://urlert.com/domain/forms.gle",
        "https://urlert.com/domain/borderclick.com",
        "https://urlert.com/domain/festivephantasyofholidayprizes.xyz",
        "https://urlert.com/domain/edgeone.app",
        "https://urlert.com/domain/itefullofeedshen.com",
        "https://urlert.com/domain/blogspot.com",
        "https://urlert.com/domain/ameli-gouv.com",
        "https://urlert.com/domain/cordilleralaserena.cl",
        "https://urlert.com/domain/acemlna.com",
        "https://urlert.com/domain/amazonaws.com",
        "https://urlert.com/domain/blockrelic.net",
        "https://urlert.com/domain/lxk.cc",
        "https://urlert.com/domain/goo.su",
        "https://urlert.com/domain/fse.cc",
        "https://urlert.com/domain/donutstake.com",
        "https://urlert.com/domain/apexnova.info",
        "https://urlert.com/domain/76whb36t.lat",
        "https://urlert.com/domain/avatradexs.vip",
        "https://urlert.com/domain/ephapay.net",
        "https://urlert.com/domain/fortflex.live",
        "https://urlert.com/domain/hyi.cc",
        "https://urlert.com/domain/ojt.cc",
        "https://urlert.com/domain/onlyfans.wtf",
        "https://urlert.com/domain/attemportantly.my.id",
        "https://urlert.com/domain/hdgrk.com",
        "https://urlert.com/domain/bllokim.com",
        "https://urlert.com/domain/filecr.com",
        "https://urlert.com/domain/b-cdn.net",
        "https://urlert.com/domain/lostmedia.me",
        "https://urlert.com/domain/cat-mxn.com",
        "https://urlert.com/domain/acccat.com",
        "https://urlert.com/domain/beauty-date-app.beauty",
        "https://urlert.com/domain/fedexredeliveryform.com",
        "https://urlert.com/domain/cert-sha256.co.uk",
        "https://urlert.com/domain/costcostudent.com",
        "https://urlert.com/domain/effectivegatecpm.com",
        "https://urlert.com/domain/fitgirl-repacks.site",
        "https://urlert.com/domain/asst2game.ru",
        "https://urlert.com/domain/cudasvc.com",
        "https://urlert.com/domain/clck.ru",
        "https://urlert.com/domain/ebay.com",
        "https://urlert.com/domain/fortgame.live",
        "https://urlert.com/domain/blockimmobilien.de",
        "https://urlert.com/domain/dadaoas.com",
        "https://urlert.com/domain/hitomi.la",
        "https://urlert.com/domain/clipsexsub3x.net",
        "https://urlert.com/domain/jrffhfll.shop",
        "https://urlert.com/domain/double-authorization-pulse.com",
        "https://urlert.com/domain/httpsmicrosolftwrk.com",
        "https://urlert.com/domain/carziqo.net",
        "https://urlert.com/domain/ln.run",
        "https://urlert.com/domain/framer.app",
        "https://urlert.com/domain/einzzcookie.org",
        "https://urlert.com/domain/fbmrandevutakip.com",
        "https://urlert.com/domain/861289.xin",
        "https://urlert.com/domain/linkinsfw.xyz",
        "https://urlert.com/domain/jaef.xin",
        "https://urlert.com/domain/crashradar.info",
        "https://urlert.com/domain/mobile-zmj.xin",
        "https://urlert.com/domain/figma.com",
        "https://urlert.com/domain/ko2bot.com",
        "https://urlert.com/domain/lfi9d.vip",
        "https://urlert.com/domain/netlify.app",
        "https://urlert.com/domain/appinjects.com",
        "https://urlert.com/domain/clientoffice.rest",
        "https://urlert.com/domain/gamedrive.org",
        "https://urlert.com/domain/hrblocks.download",
        "https://urlert.com/domain/beb6.com",
        "https://urlert.com/domain/cyrusfinance.xyz",
        "https://urlert.com/domain/apkmody.com",
        "https://urlert.com/domain/hgecirrep.com",
        "https://urlert.com/domain/bitly.cx",
        "https://urlert.com/domain/in2p3.fr",
        "https://urlert.com/domain/google.com",
        "https://urlert.com/domain/poplarcu.com",
        "https://urlert.com/domain/canadamilksettlement.com",
        "https://urlert.com/domain/duckdns.org",
        "https://urlert.com/domain/ey43.com",
        "https://urlert.com/domain/cs2cup.com",
        "https://urlert.com/domain/casajoys.com",
        "https://urlert.com/domain/purchases340.com",
        "https://urlert.com/domain/kittyescraft.com",
        "https://urlert.com/domain/cloudspire-works.com",
        "https://urlert.com/domain/cutt.ly",
        "https://urlert.com/domain/gepiu.cn",
        "https://urlert.com/domain/kec.az",
        "https://urlert.com/domain/kkinstagram.com",
        "https://urlert.com/domain/altriagroupformerlyphilipmorakfriscompanies.cfd",
        "https://urlert.com/domain/barcelonadesigntours.com",
        "https://urlert.com/domain/coinhako-m.com",
        "https://urlert.com/domain/ngcpx.vip",
        "https://urlert.com/domain/eph.cc",
        "https://urlert.com/domain/fyo.cc",
        "https://urlert.com/domain/ghfv.xyz",
        "https://urlert.com/domain/ct.ws",
        "https://urlert.com/domain/bdggutyn.shop",
        "https://urlert.com/domain/lambdamexai.com",
        "https://urlert.com/domain/autoaade.top",
        "https://urlert.com/domain/coldcoupons.com",
        "https://urlert.com/domain/875557.com",
        "https://urlert.com/domain/qsend.info",
        "https://urlert.com/domain/chat-whatsapp.es",
        "https://urlert.com/domain/fesfo.cn",
        "https://urlert.com/domain/imdb-improve.com",
        "https://urlert.com/domain/campanie.promo",
        "https://urlert.com/domain/houejeam.com",
        "https://urlert.com/domain/apkresult.io",
        "https://urlert.com/domain/nkfinanse.com",
        "https://urlert.com/domain/confirmare.store",
        "https://urlert.com/domain/complaterra.com",
        "https://urlert.com/domain/getmysocial.com",
        "https://urlert.com/domain/datess.one",
        "https://urlert.com/domain/gatopretoofficialstore.com",
        "https://urlert.com/domain/brsss.cc",
        "https://urlert.com/domain/filez.site",
        "https://urlert.com/domain/dlpsgame.com",
        "https://urlert.com/domain/264891.xin",
        "https://urlert.com/domain/bookingil.com"
      ],
      "related": {
        "alienvault": {
          "adversary": [],
          "malware_families": [],
          "industries": []
        },
        "other": {
          "adversary": [],
          "malware_families": [],
          "industries": [
            "Financial services",
            "Technology",
            "Automotive",
            "Government",
            "Education",
            "Hospitality",
            "Retail / e-commerce",
            "Logistics / supply chain",
            "Legal services",
            "Energy",
            "Telecommunications",
            "Real estate",
            "Media / entertainment",
            "Manufacturing"
          ]
        }
      }
    },
    "false_positive": []
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 8,
  "pulses": [
    {
      "id": "6a1b88213571f42965ccfdf9",
      "name": "URLert Daily Threat Intel \u2014 2026-05-31",
      "description": "URLert Daily Threat Intel \u2014 2026-05-31\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 29 | Indicators: 59\nConfirmed: 7 | Likely: 22\nTop threats: Phishing (18), Dropper (3), Malware Hosting (3), Malvertising (3), Unknown (2)\nDomains: activated.win, apkmody.com, asst2game.ru, blockimmobilien.de, blogspot.com, carziqo.net, cine97.com, clientoffice.rest, coldcoupons.com, einzzcookie.org, fafda.to, festivephantasyofholiday...\n\n29 unique threats producing 59 actionable indicators. Generated by URLert automated threat intelligence.",
      "modified": "2026-05-31T01:00:17.582000",
      "created": "2026-05-31T01:00:17.582000",
      "tags": [
        "access-denied",
        "adult-content",
        "android-malware",
        "antivirus-bypass",
        "automated-download",
        "automated-scan",
        "blogspot",
        "brand-impersonation",
        "bypass-security",
        "citadele",
        "content-locking",
        "credential-harvesting",
        "credit-card-harvesting",
        "daily-threat-intel",
        "data-harvesting",
        "deceptive-activity",
        "deceptive-commerce",
        "deceptive-content",
        "deceptive-domain",
        "deceptive-site",
        "deceptive-subdomain",
        "deceptive-tactics",
        "evasive-site",
        "fake-browser-verification",
        "fake-business",
        "fake-login-form",
        "fake-product",
        "fake-promises",
        "fake-promotion",
        "fake-rewards",
        "fake-store",
        "fake-support-chat",
        "financial-fraud",
        "fraudulent-ad-revenue",
        "fraudulent-content",
        "freelancer-targeting",
        "giveaway-scam",
        "google-docs",
        "google-sites",
        "hidden-destination",
        "hotel-booking-scam",
        "instagram-impersonation",
        "investment-scam",
        "lead-generation",
        "link-shortener",
        "malicious-download",
        "malicious-network",
        "malicious-redirect",
        "malicious-redirection",
        "malware-delivery",
        "malware-distribution",
        "malware-hosting",
        "microsoft-outlook",
        "modded-apps",
        "new-domain",
        "newly-registered-domain",
        "nintendo-impersonation",
        "olx-impersonation",
        "payment-card-harvesting",
        "payment-fraud",
        "phishing",
        "phishing-infrastructure",
        "phone-number-harvesting",
        "pirated-software-lure",
        "redirects",
        "retail-scam",
        "roblox",
        "scam",
        "scam-distribution",
        "scam-domain",
        "scam-gateway",
        "scam-template",
        "security-disabling",
        "shopping-scam",
        "snapchat",
        "social-engineering",
        "software-piracy",
        "streaming-scam",
        "survey-scam",
        "suspicious-domain",
        "telegram-engagement",
        "tiktok-impersonation",
        "traffic-distribution-system",
        "traffic-redirection",
        "unauthorized-software",
        "unwanted-software",
        "urlert"
      ],
      "references": [
        "https://urlert.com/domain/activated.win",
        "https://urlert.com/domain/apkmody.com",
        "https://urlert.com/domain/asst2game.ru",
        "https://urlert.com/domain/blockimmobilien.de",
        "https://urlert.com/domain/blogspot.com",
        "https://urlert.com/domain/carziqo.net",
        "https://urlert.com/domain/cine97.com",
        "https://urlert.com/domain/clientoffice.rest",
        "https://urlert.com/domain/coldcoupons.com",
        "https://urlert.com/domain/einzzcookie.org",
        "https://urlert.com/domain/fafda.to",
        "https://urlert.com/domain/festivephantasyofholidayprizes.xyz",
        "https://urlert.com/domain/framer.app",
        "https://urlert.com/domain/google.com",
        "https://urlert.com/domain/jrffhfll.shop",
        "https://urlert.com/domain/kkinstagram.com",
        "https://urlert.com/domain/lamp222memory866.com",
        "https://urlert.com/domain/linkinsfw.xyz",
        "https://urlert.com/domain/lockr.to",
        "https://urlert.com/domain/qsend.info"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [
        "Financial Services",
        "Hospitality",
        "Media / Entertainment",
        "Retail / E-Commerce"
      ],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "urlert_intel",
        "id": "386175",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "hostname": 12,
        "URL": 26,
        "domain": 14
      },
      "indicator_count": 52,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 29,
      "modified_text": "9 hours ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": false,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "69d84b940c380e7d4d3cf30c",
      "name": "URLert Daily Threat Intel \u2014 2026-04-10",
      "description": "URLert Daily Threat Intel \u2014 2026-04-10\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 100 | Indicators: 201\nConfirmed: 33 | Likely: 66 | Domain intel: 1\nTop threats: Phishing (89), Malware Hosting (4), Malvertising (3), Dropper (3), Unknown (1)\nDomains: 3fox.fun, 76whb36t.lat, activecampaign-team-support.com, altriagroupformerlyphilipmorakfriscompanies.cfd, amazonaws.com, ameli-gouv.com, apkresult.io, assureloans.ca, beauty-date-app.beaut...\n\n100 unique threats producing 201 actionable indicators. Generated by URLert automated threat intelligence.",
      "modified": "2026-05-09T21:51:12.227000",
      "created": "2026-04-10T01:00:04.155000",
      "tags": [
        "seur-impersonation",
        "abused-platform",
        "account-recovery-fraud",
        "account-recovery-scam",
        "account-takeover",
        "activecampaign",
        "adult-lure",
        "adult-scam",
        "advance-fee-scam",
        "advertising-scam",
        "affiliate-fraud",
        "anti-analysis",
        "asset-theft",
        "automated-scan",
        "booking-impersonation",
        "brand-impersonation",
        "browser-verification",
        "canada",
        "clickbait",
        "cloudflare-impersonation",
        "coinhako-impersonation",
        "combosquatting",
        "command-execution",
        "compromised-site",
        "constructconnect-impersonation",
        "credential-harvesting",
        "credit-card-harvesting",
        "crypto-casino",
        "crypto-drainer",
        "crypto-exchange",
        "crypto-scam",
        "cryptocurrency",
        "cryptocurrency-exchange",
        "cs2-tournament",
        "daft-ie",
        "daily-threat-intel",
        "dao",
        "data-harvesting",
        "dating-scam",
        "ddns",
        "deceptive-domain",
        "deceptive-notification",
        "deceptive-redirects",
        "deceptive-reward-scheme",
        "deceptive-scam",
        "deceptive-site",
        "deceptive-social-tool",
        "deceptive-tactics",
        "deceptive-url",
        "deceptive-widget",
        "delivery-exception-scam",
        "delivery-failure",
        "delivery-scam",
        "denmark",
        "depop",
        "discord-impersonation",
        "domain-classification",
        "dpd-impersonation",
        "dropshipping-scam",
        "e-commerce-scam",
        "email-phishing",
        "evasive-behavior",
        "executable-download",
        "fake-contest",
        "fake-dating-scam",
        "fake-delivery-notification",
        "fake-download",
        "fake-financial-institution",
        "fake-gifts",
        "fake-legal-document",
        "fake-login",
        "fake-offer",
        "fake-security-alert",
        "fake-security-check",
        "fake-store",
        "fake-survey",
        "fake-testimonials",
        "fake-voting-scam",
        "financial-fraud",
        "financial-scam",
        "fiverr-impersonation",
        "france",
        "fraudulent-platform",
        "free-hosting",
        "free-web-hosting",
        "gate-page",
        "generic-hosting",
        "georgia",
        "georgia-dds",
        "gibberish-domain",
        "gog-impersonation",
        "google-impersonation",
        "government-service",
        "grayware",
        "high-risk-extension",
        "high-risk-tld",
        "hospitality-scam",
        "identity-theft",
        "illegal-drugs",
        "illicit-marketplace",
        "imap-authentication-scam",
        "information-gathering",
        "investment-scam",
        "kaspersky",
        "loan-fee-scam",
        "loblaws",
        "logistics",
        "logistics-impersonation",
        "lookalike-domain",
        "malicious-links",
        "malicious-site",
        "malvertising",
        "malware-delivery",
        "malware-distribution",
        "malware-hosting",
        "mandarin-oriental",
        "meesho",
        "mexc-impersonation",
        "microsoft",
        "misspelled-domain",
        "modded-apk",
        "multi-stage-redirect",
        "nacex",
        "netlify-app",
        "new-domain",
        "newly-registered-domain",
        "obfuscated-javascript",
        "offer-scam",
        "olx",
        "olx-impersonation",
        "package-delivery-scam",
        "patreon-impersonation",
        "payload-delivery",
        "paywall-bypass",
        "personal-data-collection",
        "personal-data-harvesting",
        "personal-information-harvesting",
        "phishing",
        "phishing-landing-page",
        "phishing-page",
        "phishing-site",
        "pii-collection",
        "pii-harvesting",
        "pirated-software",
        "podcast-voting-impersonation",
        "ponzi-scheme",
        "pornographic-content-promotion",
        "prize-giveaway-scam",
        "profiling",
        "pyramid-scheme",
        "raiffeisen",
        "recent-domain",
        "recently-registered-domain",
        "recruitment-scheme",
        "redirect-chain",
        "retail-scam",
        "risky-tld",
        "roblox",
        "roblox-impersonation",
        "scam",
        "scam-landing-page",
        "scam-site",
        "sharepoint-impersonation",
        "shopify-redirect",
        "smartphone-scam",
        "social-engineering",
        "social-login-phishing",
        "spotify-impersonation",
        "steam",
        "steam-api-key",
        "stonex-impersonation",
        "suspicious-domain",
        "suspicious-redirects",
        "synology",
        "system-compromise",
        "tech-support-scam",
        "telegram",
        "trading-platform",
        "twitter-impersonation",
        "typosquatting",
        "unofficial-software",
        "unwanted-programs",
        "unwanted-software",
        "url-shortener",
        "urlert",
        "webex-impersonation",
        "young-domain",
        "youtube",
        "youtube-bots"
      ],
      "references": [
        "https://urlert.com/domain/3fox.fun",
        "https://urlert.com/domain/76whb36t.lat",
        "https://urlert.com/domain/activecampaign-team-support.com",
        "https://urlert.com/domain/altriagroupformerlyphilipmorakfriscompanies.cfd",
        "https://urlert.com/domain/amazonaws.com",
        "https://urlert.com/domain/ameli-gouv.com",
        "https://urlert.com/domain/apkresult.io",
        "https://urlert.com/domain/assureloans.ca",
        "https://urlert.com/domain/beauty-date-app.beauty",
        "https://urlert.com/domain/bookingil.com",
        "https://urlert.com/domain/callingsafe.com",
        "https://urlert.com/domain/campanie.promo",
        "https://urlert.com/domain/coinhako-m.com",
        "https://urlert.com/domain/confirmare.store",
        "https://urlert.com/domain/cordilleralaserena.cl",
        "https://urlert.com/domain/correos-argentino.org",
        "https://urlert.com/domain/cs2cup.com",
        "https://urlert.com/domain/ct.ws",
        "https://urlert.com/domain/cudasvc.com",
        "https://urlert.com/domain/dadaoas.com"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [
        "Financial Services",
        "Government",
        "Hospitality",
        "Legal Services",
        "Logistics / Supply Chain",
        "Media / Entertainment",
        "Real Estate",
        "Retail / E-Commerce",
        "Technology"
      ],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "urlert_intel",
        "id": "386175",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 62,
        "URL": 64,
        "hostname": 28
      },
      "indicator_count": 154,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 30,
      "modified_text": "21 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": false,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "69c9cb1498594a7e95de404a",
      "name": "URLert Daily Threat Intel \u2014 2026-03-30",
      "description": "URLert Daily Threat Intel \u2014 2026-03-30\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 54 | Indicators: 92\nConfirmed: 20 | Likely: 33 | Domain intel: 1\nTop threats: Phishing (44), Malware Hosting (5), Dropper (4), Malvertising (1)\nDomains: apexnova.info, avatradexs.vip, bdggutyn.shop, borderclick.com, canadamilksettlement.com, ccgcg.com, chat-whatsapp.es, cscups.com, ey43.com, filez.site, flashgain9ja.money, fse.cc, getmysoc...\n\n54 unique threats producing 92 actionable indicators. Generated by URLert automated threat intelligence.",
      "modified": "2026-04-29T00:07:52.134000",
      "created": "2026-03-30T01:00:04.690000",
      "tags": [
        "account-recovery-scam",
        "account-takeover",
        "adult-content-lure",
        "aged-domain",
        "asset-theft",
        "austria",
        "automated-scan",
        "botnet-distribution",
        "brand-impersonation",
        "coin-miner",
        "combosquatting",
        "content-locking",
        "credential-harvesting",
        "crypto-scam",
        "cryptocurrency-scam",
        "daily-threat-intel",
        "dating-service-scam",
        "deceptive-content",
        "deceptive-domain",
        "deceptive-landing-page",
        "deceptive-reward-scheme",
        "deceptive-social-media",
        "deceptive-statistics",
        "deceptive-website",
        "discord-impersonation",
        "disposable-domain",
        "domain-classification",
        "domain-redirection",
        "domain-rotation",
        "fake-job-offer",
        "fake-login",
        "fake-login-page",
        "fake-rebate-program",
        "fake-security-check",
        "fake-video-player",
        "fathalla-market",
        "file-hosting",
        "file-sharing-impersonation",
        "financial-fraud",
        "financial-scam",
        "financial-services-impersonation",
        "financial-theft",
        "flashgain-9ja",
        "fraud",
        "fraudulent-financial-activity",
        "fraudulent-financial-services",
        "fraudulent-platform",
        "fund-theft",
        "game-currency-scam",
        "game-roms",
        "gaming-platform",
        "gibberish-domain",
        "government-impersonation",
        "high-risk-domain",
        "high-risk-fraud",
        "hospitality-sector",
        "identity-harvesting",
        "investment-scam",
        "lack-of-transparency",
        "link-shortener",
        "luxury-brands",
        "malicious-link-distribution",
        "malicious-redirect",
        "malicious-redirection",
        "malvertising",
        "malware-delivery",
        "malware-distribution",
        "malware-embedding",
        "meta-impersonation",
        "modified-installers",
        "nebula-x",
        "new-domain",
        "newly-registered-domain",
        "obfuscated-code",
        "offer-scam",
        "online-earning-scam",
        "personal-information-theft",
        "phishing",
        "phishing-scam",
        "pig-butchering",
        "porn-lure",
        "pornographic-lure",
        "privacy-risk",
        "pup-distribution",
        "recruitment-fraud",
        "recruitment-scam",
        "redirect-chain",
        "redirect-cloaking",
        "redirection",
        "registration-scam",
        "replit-app",
        "retail-e-commerce",
        "roblox",
        "roblox-impersonation",
        "scam",
        "scam-pages",
        "scammer-infrastructure",
        "scanner-evasion",
        "scareware",
        "search-engine-blocking",
        "security-alert-impersonation",
        "security-risk",
        "social-engineering",
        "software-installation-scam",
        "software-piracy",
        "spam-promoted",
        "steam-impersonation",
        "suspicious-domain",
        "telecommunications",
        "telegram-integration",
        "twitter",
        "typosquatting",
        "unregulated-financial-service",
        "unregulated-platform",
        "unwanted-software",
        "urlert",
        "usdt",
        "usdt-scam",
        "usdt-targeting",
        "verification-scam",
        "vpn-impersonation",
        "vpn-scam",
        "whatsapp-impersonation",
        "withdrawal-scam",
        "youtube-bots"
      ],
      "references": [
        "https://urlert.com/domain/apexnova.info",
        "https://urlert.com/domain/avatradexs.vip",
        "https://urlert.com/domain/bdggutyn.shop",
        "https://urlert.com/domain/borderclick.com",
        "https://urlert.com/domain/canadamilksettlement.com",
        "https://urlert.com/domain/ccgcg.com",
        "https://urlert.com/domain/chat-whatsapp.es",
        "https://urlert.com/domain/cscups.com",
        "https://urlert.com/domain/ey43.com",
        "https://urlert.com/domain/filez.site",
        "https://urlert.com/domain/flashgain9ja.money",
        "https://urlert.com/domain/fse.cc",
        "https://urlert.com/domain/getmysocial.com",
        "https://urlert.com/domain/hdgrk.com",
        "https://urlert.com/domain/hyi.cc",
        "https://urlert.com/domain/itefullofeedshen.com",
        "https://urlert.com/domain/itnet247.nl",
        "https://urlert.com/domain/kec.az",
        "https://urlert.com/domain/kryosysapp.vip",
        "https://urlert.com/domain/ligcoin.com"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [
        "Financial Services",
        "Government",
        "Hospitality",
        "Media / Entertainment",
        "Retail / E-Commerce",
        "Telecommunications"
      ],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "urlert_intel",
        "id": "386175",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 27,
        "URL": 31,
        "hostname": 9
      },
      "indicator_count": 67,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 30,
      "modified_text": "32 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": false,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "69c48531dddd82e47d331f47",
      "name": "URLert Daily Threat Intel \u2014 2026-03-26",
      "description": "URLert Daily Threat Intel \u2014 2026-03-26\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 77 | Indicators: 130\nConfirmed: 26 | Likely: 49 | Domain intel: 1 | Manual: 1\nTop threats: Phishing (69), Malware Hosting (6), Dropper (1)\nDomains: 264891.xin, 861289.xin, acccat.com, adescargar.net, b-cdn.net, blockrelic.net, clck.ru, dallalla7.pro, dlpsgame.com, double-authorization-pulse.com, dpdlocals.uno, edgeone.app, ephapay.net...\n\n77 unique threats producing 130 actionable indicators. Generated by URLert automated threat intelligence.",
      "modified": "2026-04-24T22:30:01.629000",
      "created": "2026-03-26T01:00:33.299000",
      "tags": [
        "seur-impersonation",
        "account-compromise",
        "account-hijacking",
        "adult-scam",
        "adware",
        "aggressive-ads",
        "aggressive-tactics",
        "amazon-impersonation",
        "amazon-phishing",
        "android-malware",
        "anonymous-hosting",
        "apk-distribution",
        "apk-repository",
        "asset-theft",
        "austria",
        "automated-scan",
        "barclaycard-impersonation",
        "booking-com-impersonation",
        "brand-impersonation",
        "brazil",
        "cdn-hosted",
        "chatgpt-plus",
        "chatwork",
        "cloaking",
        "combosquatting",
        "content-locker",
        "cpanel-impersonation",
        "credential-harvesting",
        "credit-card-theft",
        "crypto-investment-scam",
        "cryptocurrency-phishing",
        "cryptocurrency-scam",
        "cryptocurrency-theft",
        "daily-threat-intel",
        "data-collection",
        "data-harvesting",
        "dating-scam",
        "deceptive-baiting",
        "deceptive-content",
        "deceptive-domain",
        "deceptive-practices",
        "deceptive-reward-scheme",
        "deceptive-reward-site",
        "deceptive-rewards",
        "deceptive-site",
        "deceptive-tactics",
        "deceptive-trading-platform",
        "delivery-scam",
        "direct-download",
        "domain-classification",
        "domain-redirect",
        "domain-rotation",
        "dpd-impersonation",
        "ecommerce-fraud",
        "education-ministry",
        "evasion-technique",
        "fake-bonus",
        "fake-domain",
        "fake-job-offer",
        "fake-login",
        "fake-login-page",
        "fake-recovery-service",
        "fake-store-closure",
        "fake-subscription",
        "fake-tracking-page",
        "fake-voting-scam",
        "fedex",
        "figma-abuse",
        "file-download",
        "financial-data-theft",
        "financial-information-theft",
        "financial-scam",
        "financial-services",
        "forex-scam",
        "fortnite",
        "fraud",
        "fraudulent-investment-platform",
        "fraudulent-investment-scheme",
        "free-hosting",
        "gambling-scam",
        "gaming-cheats",
        "gato-preto",
        "google-impersonation",
        "government-impersonation",
        "government-services",
        "high-risk-tld",
        "hungary",
        "information-collection",
        "information-harvesting",
        "information-stealing",
        "intelcom",
        "intelcom-impersonation",
        "investment-scam",
        "invitation-code-scam",
        "job-seeker-targeting",
        "lbank-impersonation",
        "logistics",
        "logistics-sector",
        "lookalike-domain",
        "malicious-domain",
        "malicious-redirect",
        "malicious-redirects",
        "malicious-site",
        "malvertising",
        "malware",
        "malware-delivery",
        "malware-distribution",
        "malware-dropper",
        "malware-hosting",
        "manual-entry",
        "microsoft-impersonation",
        "minecraft",
        "modified-apk",
        "moneygram-impersonation",
        "nebula-x",
        "new-domain",
        "newly-registered-domain",
        "offer-scam",
        "onlyfans",
        "openai",
        "openai-impersonation",
        "paradise-lxli-t33n-leak",
        "parking-citation-scam",
        "personal-data-theft",
        "personal-information-collection",
        "personal-information-harvesting",
        "philips",
        "phishing",
        "phishing-page",
        "phishing-site",
        "pirated-software",
        "platform-abuse",
        "pokemon-go",
        "ponzi-scheme",
        "privacy-risk",
        "recruitment-scam",
        "redirection",
        "redirector",
        "redirects",
        "reward-scam",
        "roblox",
        "roblox-impersonation",
        "scam",
        "scam-domain",
        "security-risk",
        "shopee",
        "social-aid-impersonation",
        "social-engineering",
        "spam",
        "spam-promoted",
        "steam-impersonation",
        "subdomain-abuse",
        "suspicious-domain",
        "suspicious-redirects",
        "typosquatting",
        "unrealistic-discounts",
        "unregulated-gambling",
        "unsecured-hosting",
        "unverified-app-distribution",
        "unverified-executables",
        "unverified-software",
        "unwanted-software",
        "url-shortener",
        "urlert",
        "usdt",
        "virtual-item-scam",
        "webmail-impersonation",
        "webmail-phishing"
      ],
      "references": [
        "https://urlert.com/domain/264891.xin",
        "https://urlert.com/domain/861289.xin",
        "https://urlert.com/domain/acccat.com",
        "https://urlert.com/domain/adescargar.net",
        "https://urlert.com/domain/b-cdn.net",
        "https://urlert.com/domain/blockrelic.net",
        "https://urlert.com/domain/clck.ru",
        "https://urlert.com/domain/dallalla7.pro",
        "https://urlert.com/domain/dlpsgame.com",
        "https://urlert.com/domain/double-authorization-pulse.com",
        "https://urlert.com/domain/dpdlocals.uno",
        "https://urlert.com/domain/edgeone.app",
        "https://urlert.com/domain/ephapay.net",
        "https://urlert.com/domain/ey43.com",
        "https://urlert.com/domain/fbmrandevutakip.com",
        "https://urlert.com/domain/fedexredeliveryform.com",
        "https://urlert.com/domain/figma.com",
        "https://urlert.com/domain/fortflex.live",
        "https://urlert.com/domain/fse.cc",
        "https://urlert.com/domain/gatopretoofficialstore.com"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [
        "Education",
        "Financial Services",
        "Government",
        "Hospitality",
        "Logistics / Supply Chain",
        "Media / Entertainment",
        "Retail / E-Commerce",
        "Technology"
      ],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "urlert_intel",
        "id": "386175",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 40,
        "URL": 43,
        "hostname": 12
      },
      "indicator_count": 95,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 35,
      "modified_text": "36 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": false,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "69bf3f1474cf79067c4581eb",
      "name": "URLert Daily Threat Intel \u2014 2026-03-22",
      "description": "URLert Daily Threat Intel \u2014 2026-03-22\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 48 | Indicators: 83\nConfirmed: 23 | Likely: 22 | Domain intel: 3\nTop threats: Phishing (35), Malware Hosting (5), Dropper (4), Malvertising (2), Unknown (2)\nDomains: annalect.store, bllokim.com, crashradar.info, cyrusfinance.xyz, effectivegatecpm.com, filecr.com, fitgirl-repacks.site, fu2dc.com, ghfv.xyz, govazco.help, hyi.cc, imdb-improve.com, kec.az,...\n\n48 unique threats producing 83 actionable indicators. Generated by URLert automated threat intelligence.",
      "modified": "2026-04-20T22:34:11.231000",
      "created": "2026-03-22T01:00:04.725000",
      "tags": [
        "adult-content-lure",
        "advance-fee-scam",
        "aged-domain",
        "asset-harvesting",
        "asset-theft",
        "automated-distribution",
        "automated-scan",
        "booking-com",
        "booking-com-impersonation",
        "brand-impersonation",
        "browser-extension-malware",
        "bulletproof-hosting",
        "combosquatting",
        "content-locking",
        "counterfeit-goods",
        "cracked-software",
        "credential-harvesting",
        "cryptocurrency-scam",
        "daily-threat-intel",
        "data-collection",
        "data-harvesting",
        "deceptive-content-locking",
        "deceptive-distribution",
        "deceptive-domain",
        "deceptive-incentives",
        "deceptive-practices",
        "deceptive-reward-site",
        "deceptive-site",
        "deceptive-tactics",
        "domain-classification",
        "domain-rotation",
        "e-commerce-scam",
        "evasive-tactics",
        "fake-alerts",
        "fake-company",
        "fake-fees",
        "fake-interface",
        "fake-toll",
        "fake-verification",
        "file-locker-scam",
        "financial-fraud",
        "financial-scam",
        "financial-theft",
        "fraud",
        "fraudulent-business-practices",
        "gambling-scam",
        "gaming-piracy",
        "giveaway-scam",
        "government-services",
        "high-risk",
        "high-risk-hosting",
        "hospitality-sector",
        "info-stealer",
        "insecure-site",
        "lookalike-domain",
        "malicious-infrastructure",
        "malicious-redirect",
        "malicious-redirects",
        "malvertising",
        "malware-bundling",
        "malware-delivery",
        "malware-distribution",
        "malware-download",
        "malware-hosting",
        "nebula-x",
        "new-domain",
        "newly-registered-domain",
        "non-delivery",
        "offer-scam",
        "onlyfans",
        "penndot-impersonation",
        "personal-information-harvesting",
        "phishing",
        "phishing-page",
        "phishing-site",
        "pig-butchering",
        "pirated-software",
        "ponzi-scheme",
        "power-mac-center",
        "powermac-center",
        "ralph-lauren",
        "rat",
        "redirect-chain",
        "redirect-cloaking",
        "redirector",
        "retail-e-commerce",
        "roblox",
        "roblox-impersonation",
        "romance-scam",
        "scam",
        "scareware",
        "scdmv",
        "social-engineering",
        "spam-promotion",
        "spyware",
        "suspicious-domain",
        "suspicious-redirection",
        "suspicious-redirects",
        "suspicious-service",
        "suspicious-site",
        "suspicious-vpn",
        "task-scam",
        "telegram-impersonation",
        "tiktok-impersonation",
        "traffic-redirection",
        "trojan",
        "twitter-impersonation",
        "typosquatting",
        "unwanted-offers",
        "unwanted-software-download",
        "url-redirection",
        "url-shortener",
        "urlert",
        "usdt",
        "usdt-targeting",
        "usdt-wallet",
        "viruses",
        "wallapop",
        "wallet-drainer",
        "watch-to-earn-scam",
        "youtube-distribution"
      ],
      "references": [
        "https://urlert.com/domain/annalect.store",
        "https://urlert.com/domain/bllokim.com",
        "https://urlert.com/domain/crashradar.info",
        "https://urlert.com/domain/cyrusfinance.xyz",
        "https://urlert.com/domain/effectivegatecpm.com",
        "https://urlert.com/domain/filecr.com",
        "https://urlert.com/domain/fitgirl-repacks.site",
        "https://urlert.com/domain/fu2dc.com",
        "https://urlert.com/domain/ghfv.xyz",
        "https://urlert.com/domain/govazco.help",
        "https://urlert.com/domain/hyi.cc",
        "https://urlert.com/domain/imdb-improve.com",
        "https://urlert.com/domain/kec.az",
        "https://urlert.com/domain/littlewish.in",
        "https://urlert.com/domain/lostmedia.me",
        "https://urlert.com/domain/lxk.cc",
        "https://urlert.com/domain/onlyfans.wtf",
        "https://urlert.com/domain/poplarcu.com",
        "https://urlert.com/domain/powermaccenter.vip",
        "https://urlert.com/domain/purchases340.com"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [
        "Financial Services",
        "Government",
        "Hospitality",
        "Media / Entertainment",
        "Retail / E-Commerce",
        "Technology"
      ],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 1,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "urlert_intel",
        "id": "386175",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 26,
        "hostname": 8,
        "URL": 29
      },
      "indicator_count": 63,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 32,
      "modified_text": "40 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": false,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "69b9f9154f6b7f0bb31b8d3b",
      "name": "URLert Daily Threat Intel \u2014 2026-03-18",
      "description": "URLert Daily Threat Intel \u2014 2026-03-18\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 57 | Indicators: 87\nConfirmed: 13 | Likely: 32 | Domain intel: 11 | Manual: 1\nTop threats: Phishing (45), Unknown (5), Dropper (2), Malware Hosting (1), Web Attack (1)\nDomains: 875557.com, aadeaccess.cc, appinjects.com, attemportantly.my.id, autoaade.top, b-cdn.net, barcelonadesigntours.com, brsss.cc, casajoys.com, cert-sha256.co.uk, colettelior.com, crashradar.i...\n\n57 unique threats producing 87 actionable indicators. Generated by URLert automated threat intelligence.",
      "modified": "2026-04-17T00:57:33.567000",
      "created": "2026-03-18T01:00:05.287000",
      "tags": [
        "aade-impersonation",
        "adult-content-impersonation",
        "adult-content-scam",
        "affiliate-fraud",
        "airdrop-scam",
        "anonymous-hosting",
        "automated-scan",
        "bait-and-switch",
        "brand-impersonation",
        "browser-manipulation",
        "burn-and-churn",
        "camera-access-harvesting",
        "cloaking",
        "collectible-toys",
        "combosquatting",
        "command-execution",
        "compromised-infrastructure",
        "content-locker",
        "content-locking",
        "content-theft",
        "credential-harvesting",
        "credit-card-harvesting",
        "cryptocurrency-scam",
        "cryptocurrency-theft",
        "daily-threat-intel",
        "data-harvesting",
        "data-theft",
        "ddns",
        "deceptive-content",
        "deceptive-content-locking",
        "deceptive-domain",
        "deceptive-marketing",
        "deceptive-platform",
        "deceptive-pop-up",
        "deceptive-practices",
        "deceptive-rewards",
        "deceptive-site",
        "deceptive-software-distribution",
        "deceptive-subdomain",
        "deceptive-tracking",
        "domain-classification",
        "dot-info-tld",
        "ecommerce-scam",
        "evasion",
        "fake-discount",
        "fake-mining-platform",
        "fake-payment-scam",
        "fake-recaptcha",
        "fake-security-alert",
        "fake-software",
        "fake-verification",
        "financial-data-harvesting",
        "financial-deception",
        "financial-fraud",
        "financial-scam",
        "financial-sector",
        "financial-theft",
        "fraud",
        "fraudulent-content",
        "fraudulent-ecommerce",
        "fund-theft",
        "gambling",
        "gaming",
        "google-impersonation",
        "government-targeting",
        "grayware",
        "greece",
        "high-risk",
        "high-risk-gambling",
        "high-risk-tld",
        "illegal-pharmaceuticals",
        "investment-fraud",
        "investment-scam",
        "invite-code-scam",
        "ip-logger",
        "malicious-cloaking",
        "malicious-redirection",
        "malicious-scripts",
        "malicious-url",
        "malvertising",
        "malware-distribution",
        "malware-installation",
        "manual-entry",
        "microsoft-defender",
        "microsoft-impersonation",
        "mobile-malware",
        "mobile-number-harvesting",
        "myinvestor",
        "netlify",
        "netlify-hosting",
        "new-domain",
        "newly-registered-domain",
        "nigeria",
        "non-delivery-scam",
        "online-gaming",
        "payment-scam",
        "performance-enhancing-drugs",
        "personal-information-collection",
        "personal-information-theft",
        "phishing",
        "phishing-site",
        "ponzi-scheme",
        "privacy-risk",
        "privacy-violation",
        "redirect-chain",
        "redirection",
        "retail-e-commerce",
        "retail-fraud",
        "reward-scam",
        "roblox",
        "roblox-impersonation",
        "scam",
        "scam-domain",
        "scam-shop",
        "scam-store",
        "scam-websites",
        "scareware",
        "security-warning",
        "shein-impersonation",
        "social-engineering",
        "social-media-scam",
        "spam-promotion",
        "steam-impersonation",
        "subscription-scam",
        "suspicious-activity",
        "suspicious-design",
        "suspicious-domain",
        "suspicious-financial-practices",
        "suspicious-redirect",
        "suspicious-subdomain",
        "targeted-phishing",
        "task-fraud",
        "task-scam",
        "tax-authority-impersonation",
        "tech-support-scam",
        "throwaway-domain",
        "tm-shop",
        "tracking",
        "typosquatting",
        "unauthorized-access",
        "unauthorized-monitoring",
        "unauthorized-sales",
        "unwanted-software",
        "url-shortener",
        "urlert",
        "usdt",
        "variakoo",
        "wallet-drainer",
        "wallet-harvesting",
        "webcam-hijacking",
        "worten-impersonation",
        "xvideos-impersonation",
        "young-domain",
        "youtube-bots"
      ],
      "references": [
        "https://urlert.com/domain/875557.com",
        "https://urlert.com/domain/aadeaccess.cc",
        "https://urlert.com/domain/appinjects.com",
        "https://urlert.com/domain/attemportantly.my.id",
        "https://urlert.com/domain/autoaade.top",
        "https://urlert.com/domain/b-cdn.net",
        "https://urlert.com/domain/barcelonadesigntours.com",
        "https://urlert.com/domain/brsss.cc",
        "https://urlert.com/domain/casajoys.com",
        "https://urlert.com/domain/cert-sha256.co.uk",
        "https://urlert.com/domain/colettelior.com",
        "https://urlert.com/domain/crashradar.info",
        "https://urlert.com/domain/duckdns.org",
        "https://urlert.com/domain/eph.cc",
        "https://urlert.com/domain/gamedrive.org",
        "https://urlert.com/domain/hitomi.la",
        "https://urlert.com/domain/houejeam.com",
        "https://urlert.com/domain/lambdamexai.com",
        "https://urlert.com/domain/lfi9d.vip",
        "https://urlert.com/domain/ln.run"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [
        "Financial Services",
        "Government",
        "Media / Entertainment",
        "Retail / E-Commerce",
        "Technology"
      ],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "urlert_intel",
        "id": "386175",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 29,
        "URL": 20,
        "hostname": 8
      },
      "indicator_count": 57,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 32,
      "modified_text": "44 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": false,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "69b0bea19b71675fe89c6b13",
      "name": "URLert Daily Threat Intel \u2014 2026-03-11",
      "description": "URLert Daily Threat Intel \u2014 2026-03-11\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 44 | Indicators: 79\nConfirmed: 15 | Likely: 23 | Domain intel: 6\nTop threats: Phishing (41), Unknown (2), Dropper (1)\nDomains: acemlna.com, amazonaws.com, cloudspire-works.com, complaterra.com, costcostudent.com, crashradar.info, effectivegatecpm.com, forms.gle, fortgame.live, fyo.cc, goo.su, hgecirrep.com, httpsm...\n\n44 unique threats producing 79 actionable indicators. Generated by URLert automated threat intelligence.",
      "modified": "2026-04-10T01:01:25.474000",
      "created": "2026-03-11T01:00:17.892000",
      "tags": [
        "abused-platform",
        "account-takeover",
        "adobe-impersonation",
        "advance-fee-fraud",
        "apple-impersonation",
        "arizona-dot",
        "asset-theft",
        "automated-scan",
        "aws-s3",
        "booking-com",
        "brand-impersonation",
        "brand-in-subdomain",
        "captcha-challenge",
        "chrome-malware",
        "cloudflare",
        "combosquatting",
        "compromised-site",
        "credential-harvesting",
        "cryptocurrency-fraud",
        "cryptocurrency-scam",
        "daily-threat-intel",
        "data-harvesting",
        "deceptive-business-practices",
        "deceptive-domain",
        "deceptive-download",
        "deceptive-link",
        "deceptive-setup",
        "deceptive-site",
        "deceptive-verification",
        "delivery-scam",
        "developer-platform",
        "disposable-infrastructure",
        "document-viewer-impersonation",
        "domain-classification",
        "email-marketing-impersonation",
        "evasive-tactics",
        "fake-rewards",
        "fake-security-claims",
        "fake-toll-charge",
        "fake-toll-invoice",
        "financial-fraud",
        "financial-scam",
        "financial-theft",
        "fiverr-impersonation",
        "fraudulent-entity",
        "gambling-analytics",
        "gaming",
        "gift-card-scam",
        "google-impersonation",
        "government-impersonation",
        "high-risk-gambling",
        "high-risk-tld",
        "interia-portal",
        "invoice-lure",
        "israel-post",
        "job-scam",
        "large-scale-operation",
        "loan-scam",
        "login-form",
        "logistics",
        "malicious-domain",
        "malicious-infrastructure",
        "malicious-registry",
        "malware-distribution",
        "microsoft-impersonation",
        "money-mule-scam",
        "nebula-x",
        "netlify-app",
        "new-domain",
        "newly-registered-domain",
        "offer-scam",
        "olx-impersonation",
        "package-delivery-scam",
        "payment-card-harvesting",
        "payment-fraud",
        "payment-scam",
        "phishing",
        "phishing-kit",
        "phishing-site",
        "phishing-technique",
        "phone-number-harvesting",
        "playstation-network",
        "redirect-cloaking",
        "redirector",
        "remote-access-scam",
        "roblox",
        "scam",
        "scam-domain",
        "scam-potential",
        "session-hijacking",
        "seur",
        "social-engineering",
        "spam-campaign",
        "suspicious-domain",
        "t-mobile",
        "talent-community-com",
        "tech-support-scam",
        "telegram-impersonation",
        "tesla-impersonation",
        "texas-dmv",
        "threat-infrastructure",
        "tld-squatting",
        "toll-scam",
        "traffic-redirection",
        "twitter-impersonation",
        "typosquatting",
        "unwanted-software",
        "ups",
        "url-shortener",
        "urlert",
        "usdt",
        "usdt-scam",
        "vercel-hosting",
        "wallet-scam",
        "xvideos-impersonation"
      ],
      "references": [
        "https://urlert.com/domain/acemlna.com",
        "https://urlert.com/domain/amazonaws.com",
        "https://urlert.com/domain/cloudspire-works.com",
        "https://urlert.com/domain/complaterra.com",
        "https://urlert.com/domain/costcostudent.com",
        "https://urlert.com/domain/crashradar.info",
        "https://urlert.com/domain/effectivegatecpm.com",
        "https://urlert.com/domain/forms.gle",
        "https://urlert.com/domain/fortgame.live",
        "https://urlert.com/domain/fyo.cc",
        "https://urlert.com/domain/goo.su",
        "https://urlert.com/domain/hgecirrep.com",
        "https://urlert.com/domain/httpsmicrosolftwrk.com",
        "https://urlert.com/domain/in2p3.fr",
        "https://urlert.com/domain/it.com",
        "https://urlert.com/domain/jaef.xin",
        "https://urlert.com/domain/ln.run",
        "https://urlert.com/domain/mobile-zmj.xin",
        "https://urlert.com/domain/netlify.app",
        "https://urlert.com/domain/ojt.cc"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [
        "Automotive",
        "Energy",
        "Financial Services",
        "Government",
        "Hospitality",
        "Logistics / Supply Chain",
        "Media / Entertainment",
        "Retail / E-Commerce",
        "Technology",
        "Telecommunications"
      ],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 1,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "urlert_intel",
        "id": "386175",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 22,
        "hostname": 10,
        "URL": 16
      },
      "indicator_count": 48,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 29,
      "modified_text": "51 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": false,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "69acca3692ba71ce9792362f",
      "name": "URLert Daily Threat Intel \u2014 2026-03-08",
      "description": "URLert Daily Threat Intel \u2014 2026-03-08\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 43 | Indicators: 83\nConfirmed: 5 | Likely: 35 | Domain intel: 3\nTop threats: Phishing (36), Malware Hosting (3), Malvertising (2), Dropper (1), Unknown (1)\nDomains: beb6.com, bitly.cx, cat-mxn.com, clipsexsub3x.net, cutt.ly, datess.one, donutstake.com, ebay.com, eph.cc, fesfo.cn, firstlook.gg, gepiu.cn, google.com, hrblocks.download, it.com, kittyescr...\n\n43 unique threats producing 83 actionable indicators. Generated by URLert automated threat intelligence.",
      "modified": "2026-04-06T22:05:40.567000",
      "created": "2026-03-08T01:00:35.927000",
      "tags": [
        "account-management-impersonation",
        "adult-content",
        "ai-content",
        "amazon-impersonation",
        "atacadao",
        "automated-scan",
        "beb6",
        "booking-com",
        "booking-com-impersonation",
        "brand-impersonation",
        "cacau-show",
        "cacau-show-impersonation",
        "caterpillar-impersonation",
        "combosquatting",
        "compromised-site",
        "credential-harvesting",
        "cryptocurrency-scam",
        "daily-threat-intel",
        "data-harvesting",
        "deceptive-buttons",
        "deceptive-claims",
        "deceptive-pop-up",
        "deceptive-redirects",
        "deceptive-rewards",
        "deceptive-sign-up",
        "deceptive-site",
        "deceptive-url",
        "discord-scam",
        "disposable-infrastructure",
        "domain-age-misrepresentation",
        "domain-classification",
        "ebay",
        "evasive-tactics",
        "facesmsmart-com",
        "fake-banking-service",
        "fake-form",
        "fake-login-portal",
        "fake-promotion",
        "fake-reward",
        "financial-sector",
        "financial-services",
        "financial-services-targeting",
        "free-game-lure",
        "game-exploitation",
        "game-exploitation-tool",
        "game-hacks",
        "gift-card-scam",
        "giveaway-scam",
        "google-docs-abuse",
        "government-impersonation",
        "hello-kitty",
        "high-risk",
        "high-risk-tld",
        "impersonation",
        "information-stealer",
        "information-theft",
        "instagram-impersonation",
        "inventory-stealer",
        "investment-scam",
        "key-less-executor",
        "malicious-redirects",
        "malicious-registry",
        "malvertising",
        "malware-delivery",
        "malware-distribution",
        "malware-reports",
        "minecraft",
        "mobile-interface",
        "netflix-impersonation",
        "new-domain",
        "newly-registered-domain",
        "nigeria",
        "phishing",
        "phishing-infrastructure",
        "phishing-site",
        "phishing-technique",
        "playstation-impersonation",
        "potential-fraud",
        "potentially-harmful-software",
        "poundstretcher-impersonation",
        "prize-scam",
        "questionnaire-scam",
        "retail-e-commerce",
        "retail-ecommerce",
        "roblox",
        "scam",
        "scam-pages",
        "scareware",
        "sfi-mall",
        "social-engineering",
        "software-download",
        "spam-distribution",
        "subnautica-impersonation",
        "survey-scam",
        "suspicious-platform",
        "suspicious-redirection",
        "suspicious-tld",
        "telegram-bot",
        "telegram-impersonation",
        "tienda-mass",
        "trojan-horse",
        "typosquatting",
        "unregulated-gambling",
        "unwanted-software",
        "unwanted-software-download",
        "url-shortener",
        "urlert",
        "usdt-scam",
        "user-deception",
        "virus-warning",
        "vpn-lure",
        "wi-fi-password-scam"
      ],
      "references": [
        "https://urlert.com/domain/beb6.com",
        "https://urlert.com/domain/bitly.cx",
        "https://urlert.com/domain/cat-mxn.com",
        "https://urlert.com/domain/clipsexsub3x.net",
        "https://urlert.com/domain/cutt.ly",
        "https://urlert.com/domain/datess.one",
        "https://urlert.com/domain/donutstake.com",
        "https://urlert.com/domain/ebay.com",
        "https://urlert.com/domain/eph.cc",
        "https://urlert.com/domain/fesfo.cn",
        "https://urlert.com/domain/firstlook.gg",
        "https://urlert.com/domain/gepiu.cn",
        "https://urlert.com/domain/google.com",
        "https://urlert.com/domain/hrblocks.download",
        "https://urlert.com/domain/it.com",
        "https://urlert.com/domain/kittyescraft.com",
        "https://urlert.com/domain/kkinstagram.com",
        "https://urlert.com/domain/ko2bot.com",
        "https://urlert.com/domain/ngcpx.vip",
        "https://urlert.com/domain/nkfinanse.com"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [
        "Financial Services",
        "Government",
        "Hospitality",
        "Manufacturing",
        "Media / Entertainment",
        "Retail / E-Commerce"
      ],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "urlert_intel",
        "id": "386175",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 31,
        "hostname": 8,
        "URL": 29
      },
      "indicator_count": 68,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 29,
      "modified_text": "54 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": false,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "thecodechest.com",
    "type": "Domain"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "thecodechest.com",
    "found": false,
    "verdict": "clean",
    "urls": [],
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1780221840.1924098
}